At least in Washington, it’s perfectly legal for cars to store text messages and call records from connected smartphones.

According to The Register (It’s perfectly legal for cars to harvest your texts, call logs, written by Brandon Vigliarolo and available here), Honda, Toyota, Volkswagen, and General Motors were all facing charges in separate but related class-action suits that all claimed they violated Washington state privacy laws. The cases were all dismissed in court earlier this year, and the US Court of Appeals for the Ninth Circuit decided last week they weren’t going to reopen the cases to further litigation.

The Circuit judges hearing the case lumped all of them together because “the factual background and legal issues are virtually identical,” and dismissed the appeal not because the automakers hadn’t done anything wrong, but rather because the claims didn’t meet the Washington Privacy Act’s (WPA) statutory injury requirements.

“To succeed at the pleading stage of a WPA claim, a plaintiff must allege an injury to ‘his or her business, his or her person, or his or her reputation,'” the judges ruled. “Contrary to Plaintiffs’ argument, a bare violation of the WPA is insufficient to satisfy the statutory injury requirement.”

The Court also added: “The district court properly dismissed Plaintiffs’ claim for failure to satisfy the WPA’s statutory injury requirement. See WASH.REV.CODE § 9.73.060.”

The Ninth Circuit judges’ determination was based on the dismissal of a fifth class-action lawsuit in Washington that made the same arguments against Ford, which was dismissed in late October on identical grounds. One of the same Ninth Circuit judges, Michael Daly Hawkins, was on the appeals panel that made both decisions.

In other words, it’s perfectly legal for your car to “automatically and without authorization, instantaneously intercept, record, download, store, and [be] capable of transmitting” text messages and call logs since the privacy violation is potential, but the injury not necessarily actual.

Two observations:

1. Washington is not one of the 12 states that has enacted a comprehensive data privacy law (only 4 of them are in effect so far). According to the International Association of Privacy Professionals (IAPP)’s US State Privacy Legislation Tracker, Washington did introduce a People’s Privacy Act earlier this year (SB 5643/HB 1616), but it didn’t advance past the committee stage. I would be interested to know if there have been lawsuits in any of the states where a comprehensive data privacy law is in use.
2. The ruling referenced the Washington Privacy Act, but I’m not finding that bill was ever enacted. It passed the Washington state senate in 2019, but I don’t find that it ever advanced beyond that. The code referenced by the Court was Revised Code of Washington (RCW) § 9.73.060, which states (among other things): “Any person who, directly or by means of a detective agency or any other agent, violates the provisions of this chapter shall be subject to legal action for damages, to be brought by any other person claiming that a violation of this statute has injured his or her business, his or her person, or his or her reputation.”

Would a US comprehensive data privacy law change things? Maybe. Will we see one get enacted anytime soon. Doubtful.

So, what do you think? Can you believe it’s perfectly legal for cars to harvest your texts and call logs, at least in Washington state? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.